[AusNOG] AusCERT Week in Review - Week Ending 11/09/2009 (AUSCERT#20073F686)

Richard Billington richard at auscert.org.au
Fri Sep 11 16:50:58 EST 2009


AusCERT Week in Review
11 September 2009


AusCERT in the Media:
---------------------

Papers, Articles and other documents:
-------------------------------------


Web Log Entries:
----------------
Title: Increased port 445 scanning/SMB 0Day 
Date:  09 September 2009
URL:   http://www.auscert.org.au/11613


Alerts, Advisories and Updates:
-------------------------------
Title: ASB-2009.1080 - [UNIX/Linux] FreeRADIUS 1.1.7 and prior: Denial of
       service - Remote/unauthenticated 
Date:  11 September 2009
URL:   http://www.auscert.org.au/11626

Title: ASB-2009.1078 - ALERT [Win][UNIX/Linux] Firefox: Multiple
       vulnerabilities 
Date:  10 September 2009
URL:   http://www.auscert.org.au/11618

Title: ASB-2009.1079 - [Win][Linux][HP-UX][Solaris][AIX] Hitachi: Execute
       arbitrary code/commands - Remote/unauthenticated 
Date:  10 September 2009
URL:   http://www.auscert.org.au/11623

Title: ASB-2009.1076 - [Appliance] Xerox WorkCentre: Denial of service -
       Remote/unauthenticated 
Date:  08 September 2009
URL:   http://www.auscert.org.au/11599

Title: ASB-2009.1077 - [Win] Microsoft Bulletin Notification - September
       Pre-release Announcement 
Date:  08 September 2009
URL:   http://www.auscert.org.au/11600

Title: ASB-2009.1074 - [Win][UNIX/Linux] DotNetNuke: Cross-site scripting -
       Remote/unauthenticated 
Date:  07 September 2009
URL:   http://www.auscert.org.au/11595

Title: ASB-2009.1075 - [Win][UNIX/Linux] Ruby on Rails: Cross-site scripting -
       Remote/unauthenticated 
Date:  07 September 2009
URL:   http://www.auscert.org.au/11597


External Security Bulletins:
----------------------------
Title: ESB-2009.1281 - [Mac][OSX] Apple: Multiple vulnerabilities 
Date:  11 September 2009
OS:    Mac OS X 
URL:   http://www.auscert.org.au/11625

Title: ESB-2009.1280 - [Mac][OSX] Flash Player plug-in: Execute arbitrary
       code/commands - Remote with user interaction 
Date:  11 September 2009
OS:    Mac OS X 
URL:   http://www.auscert.org.au/11624

Title: ESB-2009.1279 - [UNIX/Linux][Debian] nagios2: Cross-site scripting -
       Remote/unauthenticated 
Date:  10 September 2009
OS:    IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Mac OS X, Debian
       GNU/Linux, Ubuntu, HP-UX, Other BSD Variants, SUSE, OpenBSD, AIX,
       FreeBSD, Other Linux Variants 
URL:   http://www.auscert.org.au/11622

Title: ESB-2009.1278 - [Win][UNIX/Linux][Debian] xapian-omega: Cross-site
       scripting - Remote/unauthenticated 
Date:  10 September 2009
OS:    IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Windows 2003, Mac OS X,
       Debian GNU/Linux, Ubuntu, HP-UX, Windows XP, Other BSD Variants, SUSE,
       OpenBSD, Windows 2000, AIX, FreeBSD, Windows Vista, Other Linux
       Variants, Windows Server 2008 
URL:   http://www.auscert.org.au/11621

Title: ESB-2009.1277 - [RedHat] Seamonkey: Multiple vulnerabilities 
Date:  10 September 2009
OS:    Red Hat Linux 
URL:   http://www.auscert.org.au/11620

Title: ESB-2009.1276 - ALERT [RedHat] Firefox: Multiple vulnerabilities 
Date:  10 September 2009
OS:    Red Hat Linux 
URL:   http://www.auscert.org.au/11619

Title: ESB-2009.1275 - ALERT [Win][Mac][OSX] Quicktime: Multiple
       vulnerabilities 
Date:  10 September 2009
OS:    Windows XP, Windows 7, Windows Vista, Mac OS X 
URL:   http://www.auscert.org.au/11617

Title: ESB-2009.1274.2 - UPDATE ALERT [Appliance][Mac][OSX] iPhone/iPod touch:
       Multiple vulnerabilities 
Date:  10 September 2009
OS:    Mac OS X 
URL:   http://www.auscert.org.au/11616

Title: ESB-2009.1273 - [UNIX/Linux] qt4: Provide misleading information -
       Remote/unauthenticated 
Date:  09 September 2009
OS:    IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Mac OS X, Ubuntu, Debian
       GNU/Linux, HP-UX, Other BSD Variants, SUSE, OpenBSD, AIX, FreeBSD,
       Other Linux Variants 
URL:   http://www.auscert.org.au/11612

Title: ESB-2009.1272 - [RedHat] xmlsec1: Provide misleading information -
       Remote/unauthenticated 
Date:  09 September 2009
OS:    Red Hat Linux 
URL:   http://www.auscert.org.au/11611

Title: ESB-2009.1271 - [RedHat] fetchmail: Multiple vulnerabilities 
Date:  09 September 2009
OS:    Red Hat Linux 
URL:   http://www.auscert.org.au/11610

Title: ESB-2009.1270 - ALERT [Cisco] Cisco Systems: Denial of service -
       Remote/unauthenticated 
Date:  09 September 2009
OS:    Cisco Products 
URL:   http://www.auscert.org.au/11609

Title: ESB-2009.1269.2 - UPDATE ALERT [Win] SMB: Execute arbitrary
       code/commands - Remote/unauthenticated 
Date:  09 September 2009
OS:    Windows Server 2008, Windows Vista 
URL:   http://www.auscert.org.au/11608

Title: ESB-2009.1268 - ALERT [Win] Wireless LAN AutoConfig Service: Execute
       arbitrary code/commands - Remote/unauthenticated 
Date:  09 September 2009
OS:    Windows Vista, Windows Server 2008 
URL:   http://www.auscert.org.au/11607

Title: ESB-2009.1267.2 - UPDATED ALERT [Win] Windows TCP/IP: Multiple
       vulnerabilities 
Date:  10 September 2009
OS:    Windows Server 2008, Windows Vista, Windows 2000, Windows XP, Windows
       2003 
URL:   http://www.auscert.org.au/11606

Title: ESB-2009.1266.2 - UPDATED ALERT [Win] Windows Media Format (WMF):
       Execute arbitrary code/commands - Remote with user interaction 
Date:  09 September 2009
OS:    Windows Server 2008, Windows Vista, Windows 2000, Windows XP, Windows
       2003 
URL:   http://www.auscert.org.au/11604

Title: ESB-2009.1265 - ALERT [Win] DHTML Editing Component ActiveX control:
       Execute arbitrary code/commands - Remote with user interaction 
Date:  09 September 2009
OS:    Windows 2003, Windows XP, Windows 2000 
URL:   http://www.auscert.org.au/11603

Title: ESB-2009.1264 - ALERT [Win] JScript: Execute arbitrary code/commands -
       Remote with user interaction 
Date:  09 September 2009
OS:    Windows 2003, Windows XP, Windows 2000, Windows Vista, Windows Server
       2008 
URL:   http://www.auscert.org.au/11602

Title: ESB-2009.1263 - ALERT
       [Win][UNIX/Linux][Appliance][Juniper][Cisco][RedHat] TCP Protocol:
       Denial of service - Remote/unauthenticated 
Date:  09 September 2009
OS:    Windows 2003, Cisco Products, Red Hat Linux, Ubuntu, Debian GNU/Linux,
       Windows XP, SUSE, Windows 2000, Windows Vista, Other Linux Variants,
       Windows Server 2008 
URL:   http://www.auscert.org.au/11601

Title: ESB-2009.1262 - [UNIX/Linux][Debian] cyrus-imapd-2.2: Increased
       privileges - Existing account 
Date:  08 September 2009
OS:    IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Mac OS X, Debian
       GNU/Linux, Ubuntu, HP-UX, Other BSD Variants, SUSE, OpenBSD, AIX,
       FreeBSD, Other Linux Variants 
URL:   http://www.auscert.org.au/11598

Title: ESB-2009.1261 - [Win] VMware: Execute arbitrary code/commands - Remote
       with user interaction 
Date:  07 September 2009
OS:    Windows 2003, Windows XP, Windows 2000, Windows Vista, Windows Server
       2008 
URL:   http://www.auscert.org.au/11596

Title: ESB-2009.1260 - [Solaris][OpenSolaris] libxml2: Denial of service -
       Remote with user interaction 
Date:  07 September 2009
OS:    Solaris 
URL:   http://www.auscert.org.au/11594

Title: ESB-2009.1259 - [UNIX/Linux][Debian] silc-client/silc-toolkit: Multiple
       vulnerabilities 
Date:  07 September 2009
OS:    IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Mac OS X, Debian
       GNU/Linux, Ubuntu, HP-UX, Other BSD Variants, SUSE, OpenBSD, AIX,
       FreeBSD, Other Linux Variants 
URL:   http://www.auscert.org.au/11593

Title: ESB-2009.1258 - [Debian] openoffice.org: Multiple vulnerabilities 
Date:  07 September 2009
OS:    Debian GNU/Linux 
URL:   http://www.auscert.org.au/11592

Title: ESB-2009.1257 - [Win][UNIX/Linux][RedHat] OpenOffice.org: Multiple
       vulnerabilities 
Date:  07 September 2009
OS:    IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Windows 2003, Mac OS X,
       Ubuntu, Debian GNU/Linux, HP-UX, Windows XP, Other BSD Variants, SUSE,
       OpenBSD, Windows 2000, AIX, FreeBSD, Windows Vista, Other Linux
       Variants, Windows Server 2008 
URL:   http://www.auscert.org.au/11591

Title: ESB-2009.1235.3 - UPDATE [Win] Microsoft Internet Information Server:
       Denial of service - Remote/unauthenticated 
Date:  07 September 2009
OS:    Windows Server 2008, Windows Vista, Windows 2000, Windows XP, Windows
       2003 
URL:   http://www.auscert.org.au/11563

Title: ESB-2009.1021.3 - UPDATE [Solaris][OpenSolaris] SNMP daemon
       (snmpd(1M)): Denial of service - Remote/unauthenticated 
Date:  09 September 2009
OS:    Solaris 
URL:   http://www.auscert.org.au/11255



===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert at auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
